[opensuse] crypttab and openSUSE
How to properly use crypttab in openSUSE? I have openSUSE 11 installed on three encrypted partitions: /, swap and /home, so I have to type password for every one of them during boot. I would like to use crypttab to automatically mount /home (automounting swap seems to be more complicated, I'm leaving it for later). I have created the key file dd if=/dev/urandom of=/etc/key-home bs=1024 count=4 set the rights for it chmod 0400 /etc/key-home added it to LUKS cryptsetup luksAddKey /dev/sda8 /etc/key-home I also checked if /dev/sda8 can be decrypted using the key file. No problem here. I have created /etc/crypttab with only one entry home /dev/sda8 /etc/key-home luks appropriate entry in /etc/fstab was already in place /dev/mapper/home /home ext3 acl,user_xattr,noatime,nodiratime,barrier=1 1 2 as the last thing, I changed the menu entry in /boot/grub/menu.lst from title openSUSE 11.0 - 2.6.25.9-0.2 root (hd0,4) kernel /vmlinuz-2.6.25.9-0.2-default root=/dev/mapper/root luks_root=/dev/sda7 luks_swap=/dev/sda6 luks_home=/dev/sda8 luks="root swap home" resume=/dev/mapper/swap splash=silent showopts vga=0x317 initrd /initrd-2.6.25.9-0.2-default to title openSUSE 11.0 auto? - 2.6.25.9-0.2 root (hd0,4) kernel /vmlinuz-2.6.25.9-0.2-default root=/dev/mapper/root luks_root=/dev/sda7 luks_swap=/dev/sda6 luks="root swap" resume=/dev/mapper/swap splash=silent showopts vga=0x317 initrd /initrd-2.6.25.9-0.2-default and rebooted. Unfortunately the partition was gone -- not even listed in /dev/mapper. In /var/log/boot.omsg I found failedActivating crypto devices using /etc/crypttab ... unused ...unused I rebooted again and used the original entry for /boot/menu.lst. It worked, but I was asked for password three times, so no progress here. How to set opensuse up to work with crypttab? -- skx, http://skxpl.eu.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi, several of us have had the same problem. I am enclosing the solution that I got from Daniel Bauer and that helped me to write the HOWTO that is attached. Regards, Paul. On Tuesday 29 July 2008 14:10:38 skx wrote:
How to properly use crypttab in openSUSE?
I have openSUSE 11 installed on three encrypted partitions: /, swap and /home, so I have to type password for every one of them during boot. I would like to use crypttab to automatically mount /home (automounting swap seems to be more complicated, I'm leaving it for later).
I have created the key file dd if=/dev/urandom of=/etc/key-home bs=1024 count=4 set the rights for it chmod 0400 /etc/key-home added it to LUKS cryptsetup luksAddKey /dev/sda8 /etc/key-home I also checked if /dev/sda8 can be decrypted using the key file. No problem here.
I have created /etc/crypttab with only one entry home /dev/sda8 /etc/key-home luks appropriate entry in /etc/fstab was already in place /dev/mapper/home /home ext3 acl,user_xattr,noatime,nodiratime,barrier=1 1 2 as the last thing, I changed the menu entry in /boot/grub/menu.lst from
title openSUSE 11.0 - 2.6.25.9-0.2 root (hd0,4) kernel /vmlinuz-2.6.25.9-0.2-default root=/dev/mapper/root luks_root=/dev/sda7 luks_swap=/dev/sda6 luks_home=/dev/sda8 luks="root swap home" resume=/dev/mapper/swap splash=silent showopts vga=0x317 initrd /initrd-2.6.25.9-0.2-default
to
title openSUSE 11.0 auto? - 2.6.25.9-0.2 root (hd0,4) kernel /vmlinuz-2.6.25.9-0.2-default root=/dev/mapper/root luks_root=/dev/sda7 luks_swap=/dev/sda6 luks="root swap" resume=/dev/mapper/swap splash=silent showopts vga=0x317 initrd /initrd-2.6.25.9-0.2-default
and rebooted. Unfortunately the partition was gone -- not even listed in /dev/mapper. In /var/log/boot.omsg I found failedActivating crypto devices using /etc/crypttab ... unused ...unused I rebooted again and used the original entry for /boot/menu.lst. It worked, but I was asked for password three times, so no progress here.
How to set opensuse up to work with crypttab?
-- skx, http://skxpl.eu.org
On Tuesday 29 July 2008 21:11:56 PaulFransen wrote:
several of us have had the same problem. I am enclosing the solution that I got from Daniel Bauer and that helped me to write the HOWTO that is attached.
Thanks a lot. Can I redistribute this howto? BTW I think yast uses weaker key than the one recommended here http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO -- skx, http://skxpl.eu.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 02 August 2008 11:11:55 skx wrote:
On Tuesday 29 July 2008 21:11:56 PaulFransen wrote:
several of us have had the same problem. I am enclosing the solution that I got from Daniel Bauer and that helped me to write the HOWTO that is attached.
Thanks a lot. Can I redistribute this howto? BTW I think yast uses weaker key than the one recommended here http://en.opensuse.org/Encrypted_Root_File_System_with_SUSE_HOWTO
-- skx, http://skxpl.eu.org
Please feel free to do with this HOWTO what you like. I don't know how strong the encryption is that is applied by the YaST Partitioner. Anyone else? Paul -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
PaulFransen -
skx